Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Sneaky Microsoft plug-in puts Firefox users at risk
COMPUTER WORLD.com ^ | October 16, 2009 | By Gregg Keizer

Posted on 10/20/2009 1:40:53 PM PDT by Cindy

Thanks to a special freepmailer for pointing to this article.

#

SNIPPET: "Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site."

(Excerpt) Read more at computerworld.com ...


TOPICS: Computers/Internet; Reference
KEYWORDS: firefox; internetexplorer; microsoft; mozilla

1 posted on 10/20/2009 1:40:54 PM PDT by Cindy
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 10/20/2009 1:42:11 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cindy

A few hours ago, Firefox warned me that this thing was a risk and recommended that I shut it down.

Nice job Firefox.


3 posted on 10/20/2009 1:43:32 PM PDT by Petronski (In Germany they came first for the Communists, And I didn't speak up because I wasn't a Communist...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Petronski

Got that yesterday myself. Even had a simple click to shut it down without having to walk through some ridiculous process.


4 posted on 10/20/2009 1:45:42 PM PDT by Cletus.D.Yokel (FreepMail me if you want on the Bourbon ping list!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Cindy

I accept only old M$ “updates”. There’s tons and tons of places I don’t want to go to today.


5 posted on 10/20/2009 1:46:15 PM PDT by Paladin2 (Big Ears + Big Spending --> BigEarMarx, the man behind TOTUS)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cletus.D.Yokel

Yep: click here to kill it, or some such thing.


6 posted on 10/20/2009 1:46:49 PM PDT by Petronski (In Germany they came first for the Communists, And I didn't speak up because I wasn't a Communist...)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Petronski

my kids call it “mash here to destroy”...and none of them are gamers.


7 posted on 10/20/2009 1:48:14 PM PDT by Cletus.D.Yokel (FreepMail me if you want on the Bourbon ping list!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Petronski

Yep, Firefox automatically shut those two problems. But I had no idea Microsoft Updates was putting something into Firefox. How dare they!


8 posted on 10/20/2009 2:03:51 PM PDT by pctech
[ Post Reply | Private Reply | To 3 | View Replies]

To: Cindy

Bump for later


9 posted on 10/20/2009 2:08:21 PM PDT by Sans-Culotte
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cindy

Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension


10 posted on 10/20/2009 2:11:36 PM PDT by BullDog108 (A Smith & Wesson beats four aces)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cindy

Nice - MS now engaged in Cyber-terrorism against its biggest browser competitor?


11 posted on 10/20/2009 2:11:44 PM PDT by TheBattman (Pray for our country...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: coolbreeze

You might want to take a look at this...........


12 posted on 10/20/2009 2:14:57 PM PDT by Gabz (Democrats for Voldemort.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: stanz

ping for a leter examination


13 posted on 10/20/2009 2:24:38 PM PDT by stanz (Those who don't believe in evolution should go jump off the flat edge of the Earth.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Cindy

I see it on my list of add-ons, but it’s not enabled. Is it still a threat?


14 posted on 10/20/2009 2:34:52 PM PDT by dbwz (DISSENT IS PATRIOTIC)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BullDog108

I checked my machine and mine is OK. I have to check the wife’s next. Thanks for the link.


15 posted on 10/20/2009 2:54:10 PM PDT by SeeRushToldU_So ( Go Braves! Braves are gone.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: BullDog108

Thanks for posting the link to the removal instructions. I checked my computer, and I don’t have this extension, but I passed on the link to others to spread the word.


16 posted on 10/20/2009 2:57:29 PM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Windflier
No problemo. Tell them to be very careful if they have to open regedit to remove this!
17 posted on 10/20/2009 3:06:33 PM PDT by BullDog108 (A Smith & Wesson beats four aces)
[ Post Reply | Private Reply | To 16 | View Replies]

To: SeeRushToldU_So

You’re welcome. Be careful with regedit if you need to remove!


18 posted on 10/20/2009 3:07:24 PM PDT by BullDog108 (A Smith & Wesson beats four aces)
[ Post Reply | Private Reply | To 15 | View Replies]

To: BullDog108

Regedit don’t scare me. I am pretty handy with these things.

Famous last words.......


19 posted on 10/20/2009 3:18:43 PM PDT by SeeRushToldU_So ( Go Braves! Braves are gone.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: BullDog108
Tell them to be very careful if they have to open regedit to remove this!

Well, that should go without saying in this day and age.

The instructions at the link are very precise. If folks only do what's written, they shouldn't have any trouble.

Thanks again.

20 posted on 10/20/2009 3:19:30 PM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: BullDog108

on this step:

5. Open a new Firefox window, and in the address bar, type about:config and press Enter.

I get:

“the URL is not valid and cannot be loaded.

Anybody know what that’s about?


21 posted on 10/20/2009 4:26:16 PM PDT by Minn (Here is a realistic picture of the prophet: ----> ([: {()
[ Post Reply | Private Reply | To 10 | View Replies]

To: Minn
Make sure that you type in exactly about:config without spaces or http:
I followed these instructions, they worked for me.
22 posted on 10/20/2009 4:34:39 PM PDT by BullDog108 (A Smith & Wesson beats four aces)
[ Post Reply | Private Reply | To 21 | View Replies]

To: TheBattman
Nice - MS now engaged in Cyber-terrorism against its biggest browser competitor?

They are in a bit of a bind. If they don't release for Firefox extensions, they'll get accused of releasing Windows Updates only for IE users and hammered for that.

23 posted on 10/20/2009 9:53:52 PM PDT by Gondring (Paul Revere would have been flamed as a naysayer troll and told to go back to Boston.)
[ Post Reply | Private Reply | To 11 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson